CYSA CompTIA Cybersecurity Analyst



We deliver training live-on-line, on site, and on demand.

This course is a practical way to demonstrate knowledge and advance a career as a member of a computer security incident response team.

Students will become members of the cybersecurity professional community. Practice in this course will lead to the critical knowledge and skills required to prevent, detect, and combat cybersecurity threats.

The actual certification exam will be easier than the course practice exams.

If your organization would like this course at a particular time or location, it is available for groups greater than 8 with a contract. 


  • CompTIA Cybersecurity Analyst
  • Governing Body: CompTIA
  • External exam costs: $346 in United States
  • Price does/does not include exam

Security / Technical / Certification

This course fulfills NICE/NICCS Categories and Roles:

  • Protect and Defend (PR) Cyber Defense Incident Responder PR-CIR-001

This is a DOD 8570 compliant course for the following roles:

  • IAT II, CSSP An, In, Ir, Au

Because the tool-specific computing environment is critical to success in the field, our cyber range setup offers the tools and operating systems that match most students’ live environments.

DOD acronyms

  • Information Assurance Technical (IAT)
  • Information Assurance Management (IAM)
  • Computer Network Defense Service Providers (CND-SPs)
  • IA System Architects and Engineers (IASAEs)
  • Cyber Security Service Providers (CSSP)
    • Analyst – An
    • Infrastructure support – In
    • Incident responder – Ir
    • Auditor – Au
    • Manager – Ma

We expect every student to build a complete, functioning enterprise incident response system in a virtual environment. This activity will help them develop and support an enterprise security program. As a side benefit of the course, students will pass the exam and validate their skills as cybersecurity professionals via certification.

  • Identify and use computer networking concepts, protocols, and network security methodologies.
  • Understand basic risk management processes.
  • Execute secure network administration principles.
  • Distinguish and differentiate cyber threats and vulnerabilities.
  • A suitable certification, such as CompTIA Security+, can replace security experience.
  • Configure and implement virtual machine and basic virtual network environments.
  • Configure and implement client server operating systems of both Linux and Microsoft.
  • Knowledge and skills necessary to troubleshoot, install, operate and configure basic network infrastructure.
  • A suitable certification, such as CompTIA Network+, can replace technical experience.

Upon completion of the course the student should be able to:

  • Identify tools and techniques to use to perform an environmental reconnaissance of a target network or security system.
  • Collect, analyze, and interpret security data from multiple log and monitoring sources.
  • Use network host and web application vulnerability assessment tools and interpret the results to provide effective mitigation.
  • Understand and remediate identity management, authentication, and access control issues.
  • Participate in a senior role within an incident response team and use forensic tools to identify the source of an attack.
  • Understand the use of frameworks, policies, and procedures and report on security architecture with recommendations for effective compensating controls.
  • All of the CompTIA CYSA exam objectives
  • Compare and contrast various threats and classify threat profiles
  • Explain the purpose and use of attack methods and techniques
  • Explain the purpose and use of post exploitation tools and tactics
  • Perform ongoing threat landscape research and use data to prepare for incidents
  • Explain the purpose and characteristics of various data sources
  • Use real-time data analysis to detect anomalies
  • Analyze common indicators of potential compromise
  • Use appropriate tools to analyze logs
  • Use appropriate containment methods or tools
  • Use appropriate asset discovery methods or tools
  • Use Windows tools to analyze incidents
  • Use Linux-based tools to analyze incidents
  • Execute the incident response process
  • Explain the importance of best practices in preparation for incident response
  • Identify applicable compliance, standards, frameworks, and best practices
  • Explain the importance of concepts that are unique to forensic analysis
  • Identify common areas of vulnerability
  • Identify the steps of the vulnerability assessment process

All courses are available in live-on-line format.

Technical labs will consume 20-40 hours outside class time. They require basic skills in operating systems and virtualization.

There are 9 different methods of possible exercises used throughout the course in one-hour class meetings. As soon as students become accustomed to a particular flow, or they get comfortable, the instructor will switch methods. Some examples include: packet analysis, what went wrong, and tooltime.

Before class, students will complete mindmaps and assigned readings, take practice quizzes, submit case study information, and build flashcards. Each activity is graded as needed.

Readings: We use a customized text developed by our internal experts. This text covers the latest best practices and the current state of security and technology. All students are required to have a working computer, microphone, and earbuds.

Labs: Due to the variety of experiences each student brings to the course, we expect basic labs to be executed for exam readiness, intermediate labs to be executed for workforce enablement, and advanced labs to be executed by the expert-level field practitioner.

Live Fire Exercises: The world is not a multiple-choice exam, and neither is your job. Our presentations, lab demonstrations, and troubleshooting are done outside of class. When we join together for one live-on-line hour, it will be for activities that we can only accomplish together. Current Live Fire Exercises include:

  • Packet analysis
  • What went wrong
  • Process to execution
  • Threats and Controls
  • Recite next instruction
  • Snort rules on the fly
  • Today’s vulnerability review
  • ATT&CK and APT
  • Tooltime

  • 1 hour per session
  • 3 sessions per week
  • 10 weeks, including 2 break weeks (also called ‘dark weeks’)
  • Orientation is held for 90 minutes before the first live class.
  • Class meeting times are listed on the public calendar.

Today, students know what they want and what their budget will permit. We are enabling everyone with Dial-a-Price: you pay only for the training and services you need. In this course you can choose the following options:

  • Exam readiness review 1 on 1 with instructor
  • 1-30 hours of labs 
  • 1-30 hours of live fire exercises with Qualified Incident Commander 

Additional information

Training Level

On-my-schedule, With Virtual Lab, 10Hrs Sync Help, 20Hrs Sync Help, 30Hrs +1 to 1